If I want to have AWS/SuperUser rights for all accounts, do I have to add myself to every account?

No. If you grant yourself (or any account) AWS/SuperUser for the cluster and activate it, you will be granted AWS/SuperUser for all accounts in the cluster.

As a security best practice, Turbot does not recommend granting and activating the AWS/SuperUser right permanently for the entire cluster. An alternative solution is to grant the user AWS/SuperUser for the cluster, but only activate AWS/SuperUser in a particular account when required for a limited duration with the use of grant expiration.

Also, please note that AWS/SuperUser can only be granted by users who have Turbot/Owner rights at the Turbot installation level for security purposes.

Was this article helpful?
0 out of 0 found this helpful